svn commit: trunk/busybox/archival/libunarchive

landley at busybox.net landley at busybox.net
Mon Feb 20 02:18:04 UTC 2006


Author: landley
Date: 2006-02-19 18:18:03 -0800 (Sun, 19 Feb 2006)
New Revision: 14137

Log:
The gentoo security guys found another way to segfault busybox's decompression
code: we can do a null dereference if one of our huffman tables has all zero
length codes.  This fixes it.  (Thanks solar.)


Modified:
   trunk/busybox/archival/libunarchive/decompress_unzip.c


Changeset:
Modified: trunk/busybox/archival/libunarchive/decompress_unzip.c
===================================================================
--- trunk/busybox/archival/libunarchive/decompress_unzip.c	2006-02-20 00:20:46 UTC (rev 14136)
+++ trunk/busybox/archival/libunarchive/decompress_unzip.c	2006-02-20 02:18:03 UTC (rev 14137)
@@ -271,7 +271,7 @@
 	if (c[0] == n) { /* null input--all zero length codes */
 		*t = (huft_t *) NULL;
 		*m = 0;
-		return 0;
+		return 2;
 	}
 
 	/* Find minimum and maximum length, bound *m by those */




More information about the busybox-cvs mailing list